Protect and Manage the (Crypto) Keys to Your Castle

Jeff Kalwerisky will give us an overview of the most dangerous mistakes organizations are making when it comes to key management and how you can implement a series of best practices to mitigate these mistakes today.

In the age of digital transformation trust is key to the growth of services in both the public and private sectors. With more and more services evolving and innovating around digital identity there is a universal need to bridge and balance business incentives with government requirements. At Kantara Initiative we see the transformation cycle as a 4 stage process: strategy setting, innovation, deployment, and assurance. Few, if any, organizations can succeed at all of the strategic stages of change and innovation in isolation. We invite you to join us to discuss how trust frameworks will evolve to bridge the digital transformation of identity assurance.

Managing a secure SSL environment is getting complex. Recent industry standards and security vulnerabilities required IT to migrate from SHA-1 to SHA-2 hash algorithm, find alternatives for certificates with non-fully-qualified domain (FQDN) names and replace certificates impacted by the Heartbleed vulnerability. In addition, initiatives like Google’s “HTTPS everywhere” or always-on SSL on Google search may increase the deployment of SSL certificates in an organization. All these changes add to the challenges of managing SSL certificates.

In the meantime, IT managers have to continue to provide optimal system performance to meet their users’ needs while staying within their budget.

Attend this exclusive webinar to:

- Discover recent changes and challenges with SSL certificate management
- Learn how you can minimize time and resources in monitoring and managing SSL certificates with Symantec Certificate Intelligence Center (CIC)
- Find out how you can optimize the performance of SSL encryption and decryption with the A10 Thunder Application Delivery Controller (ADC) from A10 Networks

Cryptography is the practice and study of techniques for keeping secrets. While the practice of keeping information hidden, or secured, has been around throughout the history of mankind, Modern Cryptography has evolved into much more. Now we use various algorithms (a fancy word for mathematical formulas) to not only keep information secured (Confidentiality), but also to authenticate the message and the originator of that message (Authentication); to stop the sender of the message from denying they sent it (Non-Repudiation); and to make sure that the information has not accidentally or purposely altered or corrupted (Integrity). This basic workshop will explain the basic concepts discussed above, as well as the differences between Symmetric and Asymmetric encryption. We will discuss Steganograhy, Digital certificates, Public Key Infrastructure and Digital Signatures. Although the workshop is to enhance basic understanding of these concepts, anyone studying for one of the major certification examinations in information security, such as the recently launched EC-Council Certified Chief Information Security Officer (C|CISO) will need to have a good grasp of these important concepts.

On Cyber Monday, your organization’s employees will return from the Thanksgiving weekend, ready to kick off the online holiday shopping season – from their desks and devices. Last year over 500+ million identities were exposed via breaches. And with malware and phishing also in the news, join us to find out how you can protect not only your business but your employees’ personal information as they shop-from-work during the season.

Learn more about the proactive steps you can do for protection including:
· How you are the first line of defense when it comes to protection – password management and user access
· When and how data should be encrypted
· How to fight social engineered exploits: malicious web sites, malicious look-alike mobile apps and deceptive emails

Vendors are priming a great future when the Internet of Things (IoT) becomes a reality. The reality is that the Internet of Things is here today. IoT has been with us in various incarnations over the last ten years or so. To protect yourself, your network and your business you need to think of the larger picture of securing the device to the network and back again.
IoT today is in its infancy, even though it’s been around a long time. There are no standards overall and there are industry nuances that further complicate security.

View this recorded webcast to learn:
· What the IoT means today
· What devices have been hacked and what have not
· Practical approaches and best practices for dealing with the security issues that IoT creates

It is extremely challenging to maintain a successful online business. The landscape is crowded and competition fierce. It is not enough to just have a good product; companies really have to stand out to attract online shoppers. On top of that, news of stolen identities from cybercriminals add yet another barrier as shoppers become very cautious about which online sites to trust their information to.

View this recorded webcast to learn:
· How to drive traffic to your site
· What do you need to turn shoppers into buyers
· How to increase buyer loyalty

Last year brought a lot of news about government snooping and public attacks against certain encryption and hash algorithms. These developments should concern anyone that values data privacy.

View this recorded session with the Online Trust Alliance and Akamai Technologies to discover the current best practices in securing your website and internal infrastructure. Learn how to implement Always on SSL (AOSSL) and Perfect Forward Secrecy (PFS) to better secure your data.

Join us to learn:
· How to implement AOSSL and PFS in your environment
· What precautions you need to take to protect your website and intranet infrastructure

The buzz phrase du jour, the ‘Internet of Things’, – AKA the “Internet of Everything” – refers to a myriad of everyday devices which are being connected to the Internet, each with its own IP address. The IoT will comprise large numbers of such low-cost “smart” devices, up to 26 billion by 2020, according Gartner. They range from “smart” watches (Hi Apple!) to microwaves, and heart monitors to “smart” power grids.

Predictably, the hype about the future benefits is in full force. And, yes, some of these benefits may actually happen. However, based on past disruptive trends, we can be certain that: (1) hackers, crackers, and attackers will not be slow to spot new opportunities for badware; (2) the IoT will generate gigantic amounts of data at very high velocity, with associated privacy concerns, and (3) boring stuff like updates and patches are going to be tough to do.

The question, “What Can Possibly Go Wrong?”, must temper out enthusiasm for this immersive new environment so that we can avoid some of the security disasters of the past, particularly in sensitive industries, like healthcare and nationwide utility grids. This session will review the IoT from the viewpoint of cybersecurity and data privacy and develop some guidelines for the pragmatic and cautious user.

Join us to learn about Symantec Secure App Service - a better way to sign code and secure applications.

Traditional code signing provides a way for software publishers to assure their customers that the apps and files they have downloaded are, indeed, from them and have not been tampered with. Unfortunately, inadequate controls around this process can lead to malware propagation.

Compromised certificates make news headlines and can lead to poor reputation for your company, and revoking these certificates could result in your distributed applications to suddenly appear as untrusted.

Symantec Secure App Service is a cloud-based code signing and management solution with a complete range of services to help enterprises control and secure their code signing activities and keys easily. Services include vetting and approval of software publishers, code signing, key protection and revocation, administrative controls, reporting and audit logs.

With the recently discovered Heartbleed vulnerability, information security professionals and end users are feeling the pressure and impact to better protect their information. The task of securing your organization and information can seem overwhelming.

View this webcast to get step-by-step instructions on how to protect your business and information, and keep your communications secure.

Learn about:
· What is Heartbleed and the impact it has
· Understand how the vulnerability is exploited and how you can detect it
· Steps you need to take to secure information now and going forward

The venerable password or PIN has been with us a long time to authenticate online users. But its last day is rapidly approaching. Users can no longer cope with the plethora of passwords to be remembered for a myriad of Websites, Enterprise logins, VPNs, and more. Even worse, every day seems to bring yet another incident of wholesale theft of IDs and passwords from sites with less than stellar security.

The FIDO Alliance was formed specifically to develop specifications for reducing reliance on passwords. Even more encouraging, several startups are addressing the problem of replacing passwords in innovative ways. Heather Adkins, Google's manager of information security, put it succinctly recently when she commented that “the game is over” for startups that rely on passwords as the chief method to secure users and their data. She noted that "passwords are done at Google."

This Webinar will examine the state of the art in authentication and how we will soon have much stronger identities in the digital world. It will discuss the problems with passwords and review solutions we will likely see in the near future to replace passwords and make us more secure and less hassled by having to remember so many different electronic identities.

Cryptography is the practice and study of techniques for keeping secrets. While the practice of keeping information hidden, or secured, has been around throughout the history of mankind, Modern Cryptography has evolved into much more. Now we use various algorithms (a fancy word for mathematical formulas) to not only keep information secured (Confidentiality), but also to authenticate the message and the originator of that message (Authentication); to stop the sender of the message from denying they sent it (Non-Repudiation); and to make sure that the information has not accidentally or purposely altered or corrupted (Integrity). This basic workshop will explain the basic concepts discussed above, as well as the differences between Symmetric and Asymmetric encryption. We will discuss Steganograhy, Digital certificates, Public Key Infrastructure and Digital Signatures. Although the workshop is to enhance basic understanding of these concepts, anyone studying for one of the major certification examinations in information security, such as the recently launched EC-Council Certified Chief Information Security Officer (C|CISO) will need to have a good grasp of these important concepts.

Today, having an Identity Management strategy is not only an IT need but rather a business priority. Identity and Identity Access Management is evolving and connecting to your customers, citizens, and partners means the difference between business as usual and business building innovation. Identity Relationship Management provides a common language for the evolution of identity as a driver of revenue. Building upon data context and the emerging internet of things, with respect for user control of data sharing, identity is now a powerful connection tool that fosters and supports relationships.

Jeff Kalwerisky will give us an overview of the most dangerous mistakes organizations are making when it comes to key management and how you can implement a series of best practices to mitigate these mistakes today.

Virtually every business has contemplated moving data to the cloud. For many companies, the risk of storing certain classes of un-encrypted data in the cloud is not acceptable. Encrypting data, however, can hinder your ability to share that information with others.

What you put in the cloud and how you protect it will largely determine what you, and to some degree, what an adversary can do with it. This webinar will discuss different approaches to sharing encrypted data in the cloud, and highlight the benefits and drawbacks of each model.

In this presentation, Jeff Kalwerisky will give us a run-down of the latest high profile OpenSSL vulnerabilities that led to some of the most devastating data breaches on record. He will discuss how these vulnerabilities remained un-detected, how key management plays a key role in your vulnerability in the wake of an OpenSSL flaw and a look forward into how encryption and SSL will work in the wake of Heartbleed.

Data Encryption has been spoken about for years, but finally ENCRYPTION importance has come front-page. From the recent Snowden NSA Affair to major data breaches at Target, companies now have no choice but to consider securing their data at the source.

This presentation will introduce you to your responsibilities in providing your customers with the Due Diligence (Risk Control and Executive Management Oversight) and Due Care (Continuous Monitoring through Security Practices, Procedures, Policies, Processes and Standards) that their personal data deserves.

Addressing virtually any of the current security mega-trends – government surveillance, privacy regulation, BYOD, cloud computing and big data - drives the need for more cryptography across core systems infrastructure and critical business applications. Whether encrypting sensitive data, strengthening IDs and credentials or digitally signing documents and software the actual security benefits you gain depend heavily on how you manage your cryptographic keys. Key management is not a simple task and it carries with it serious business continuity issues, real operational costs and is frequently a point of scrutiny for auditors. The days of using spreadsheets and thumb drives for managing cryptographic keys are numbered.
During this session we will look at the types of keys that organizations have to manage, and how the key management challenge varies across multiple use cases in the enterprise. We’ll cover developments in the area of key management technologies, new standards that are emerging and preview the results of a global survey on the use of encryption and key management practices.

Symantec Website Security Solutions allow companies and consumers to engage in communications and commerce online with trust and confidence. With more than one and a half million web servers using our SSL certificates, an infrastructure that processes more than four and a half billion certificate checks daily, and a trust mark that is seen more than half a billion times a day in 170 countries, the Norton Secured seal is the most recognized symbol of trust on the Internet.